Tagged Questions

PGP is short for "Pretty Good Privacy". It is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to ...

Say I have several different email accounts and I want to use a different encryption key for each of them but still have them all certified under one identity. Is this a good idea and how would I do ...

I would like to know the practical limitations to contact chaining multiple peoples pgp key's in order to protect a file.
In normal public key cryptography, four keys are required, public and private ...

I've published my OpenPGP key publicly on the MIT key server. Later I realized I needed to set the expiry date to an earlier date than the one the (sub-)key was published with.
I managed to do this ...

I noticed that when looking at OpenPGP keys on a key server, the key's bits definition is usually followed by a letter, as in "4096D" for example. However, there are also keys with other letters than ...

When signing a key X in the PGP Web of Trust model, I assign the key full validity. Other people who have my key in their key ring can regard X as valid as far as they fully trust me (owner trust).
...

I have OpenPGP key pairs for two of my email addresses. When I created them, I did not know that it was possible to just add another user id to the first key pair. Then I found out it is possible from ...

Sometimes it can be advantageous to use existing trust relationships in one certification world - X.509 or PGP - to create trust in the other world. At the lowest level I can always take an X.509 cert ...

Is there any point in signing an OpenPGP public key that has not been uploaded to a key server? In other words: does anyone except person A who signs person B's public key notice that the signing has ...

I've read quite a few different articles on how to setup PGP keys with an offline master key. I own multiple YubiKey NEO hardware smart cards which I intend on using for PGP and as an SSH key. One of ...

What risks to compromise my key, aside from the risk of the phone to be stolen, do I face when I use my private pgp key on a Motorola smartphone with the K-9-app? Can I mimimize the risk by using a ...

Say I have an email and I want to send it to someone else. I encrypt it with his public key. This ensures that only he can read my message. Does this also means that I won't be able to read it? If so, ...

I'm reading Cryptography and Network Security Principles and Practices (5th ed, p584) and reading about PGP keyrings, I'm a little confused about the differences between the owner trust field and the ...

After some research without any answer to my question, if it's possible and does it make sense to sign an E-mail with PGP and s/mime (?), I'm hoping to get an answer here.
I know that, PGP and S/MIME ...

When I send, say, a great recipe for funnel cake to Alice and Bob using GPG, I can be pretty sure they will both be able to decrypt it. However, can I be certain, or prove after the fact, that they ...

Background: I'm writing a GPL Python OpenPGP to JSON parser which I'm testing on files generated with GPG 1.4.16.
If given a passphrase, the parser will generate keys using the string-to-key methods ...

With regards to encryption and preventing a 3rd party from viewing my emails (and ignoring validity/signing), is encrypting an email via PGP or S/MIME useful when I control my server and my recipient ...

Both OpenSSH and GPG can generate key pairs which are stored as files in well-known paths inside the user directory. A passphrase is always asked for during the generation process, which is then used ...

One thing that I found out when starting using PGP:
When I uploaded my keys to the SKS keyserver, the keyserver did not take any action to verify that I am who I claim to be.
Since a PGP key contains ...

I'm a little bit confused here, since the best practice suggests that main key should be completely offline, so which key should I upload to the public directory?
Here's what I have:
main key (sign ...

Axolotl Ratchet is used by Textsecure and is an enhanced version of OTR in a way to make it suitable for mobile applications, which has the probability to encrypt messages without both parties to have ...

I want to know technical details about how public PGP keyservers synchronize the keys.
If I send my key to one keyserver, how exactly does it "travel" to all the other ones? Who sends it to who and ...